Yeah but that can easily be outsmarted. You just don’t share the identifiers.
If someone requests that info, you generate a list of possible alt accounts without also providing the identifiers
2 Likes
This is not meant to be foolproof. It’s just a way to possibly identify harmful alt accounts for games.
What the developers do with this is their decision, i doubt anyone in their right mind would use this for their anti cheat or anything like that. This is simply something that can be turned into a moderation tool for dev’s staff members to use
4 Likes
Amazing, but sad that its againt TOS
3 Likes
I just checked and it’s not necessarily against the ToS.
Sharing this info is against the ToS but using it as a developer is not!
As long as only the developer has access to this, it should be fine.
You can use this data to generate a list of alt accounts on the server and then send that list however you want (webhook, server to client, data analytics, your own servers etc)
As long as you only share the list of names generated using that data, its fine. What would NOT be fine, is also sharing that data together with the list of accounts.
4 Likes
this seems absoulutely insane
although i could see why some people would use it
1 Like
Pretty interesting, but from my perspective I don’t think Roblox will take action unless people are using this to do things like leak high-profile user’s alts, YouTubers could get heavily targeted by that.
Not saying that you’re wrong, but I feel like this sentence is said too often in any posts just referencing exploiters. Sure people are frustrated, but I’m certain everybody knows why they’re frustrated.
+ this exact sentence just annoys me.
2 Likes
Just said it out of rage, because when i saw this epic tracking method, someone mentioned its against tos, it annoys me too
1 Like
It is, check the post above you.
Plus, you technically forced the user to share it with you.
1 Like
Correct me if I’m wrong, but I’m pretty sure this reads the “up time” which might be able to be spoofed if you’re using a VM.
Since exploiters are already modifying the client, they may be able to directly spoof os.clock. I doubt that an average kid would be able to figure out how, but the exploit developers who allow others to buy their code probably would invest a lot of time into figuring this out.
With simple trial and error, even somebody who had no idea what this system is or how it works would probably figure out that they simply need to restart their PC to get a fresh identifier and evade detection.
I can see this method having a lifespan of anywhere from roughly a day to about a month before becoming irrelevant.
then again I’m not too experienced with this stuff, I may be wrong. if you find anything wrong here, let me know.
1 Like
Atleast it could get rid of trolls which dont use exploiters.
This is very interesting but I am pretty sure this would need to run on the client so the usual problem of exploiters deleting the script would apply
There is a function called elapsedTime() that does this
1 Like
It’s possible to pull much much more data out of the client.
Removed the example picture of getting more data due to not wanting to leak the methods
However I’m pretty sure this is againts the TOS. This is definetly againts the European Unions GDPR law https://gdpr.eu/ and possibly COPPA and other such laws too. So it’s in a legal grey area at best, and large parts of the world illegal.
Another thing is that spoofers exist for the data, all one needs an exploit to spoof this. Or heck, they can literallly just change their PC settings.
4 Likes
Combined with a database the links between accounts could be saved. Only a single account would need to be identified and all other related accounts could be found. I’m aware of exploiters being able to spoof all data points as this post is meant to warn of misuse on innocent players.
Example below detailing how accounts could be linked together and how a user could avoid detection.
1 Like
One doesn’t need an exploit to spoof the datapoints. All one has to do is change a few windows settings.
Your average player would most likely not even be aware that they were being tracked and as a result not do that. Plus you can select settings less likely to be changed such as the system language or timezone.
1 Like
Funfact is also possible to make a script that calculates the physical real life position of a player to a very good degree, it only works on devices with accelerometers and gyroscopes however. But it allows getting a lot of data, possibly even things like the structure of the house a user lives in, spooky stuff.
7 Likes
I don’t see the issue with this. All you know from this info is that two accounts are owned by the same individual. It’s not as if you can possibly track that individual down like you could with an IP. Correct me if I am wrong though.
Besides that point, I think this is pretty clever and cool!
From a lot of people’s pov, this wouldn’t be considered a violation of privacy, considering the minor and insignificant data that you’re given the ability to access.
The most harmful thing you could get from this is someone’s timezone, and how long their cpu has been running for. Unless you consider being able to tell if someone’s on mobile or not a privacy violation.
1 Like
Aside from this being a breach of privacy, was any testing done on this? I setup a little project because I wanted to see for myself if this was actually viable and it appears to not work outside of Roblox Studio.
Edit: Nevermind, I forgot that Discord doesn’t allow API calls from Roblox IP’s.